danabot | a863231d2d7cba3242a94226ec537db57782500f138df3a0350d4535f60fff91 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

a863231d2d7cba3242a94226ec537db57782500f138df3a0350d4535f60fff91
Size

382KB
Sample

221209-jpan2acf57
MD5

db2311cbdef88741b0ca3b6d27ea3802
SHA1

05f9e8aa6706326059f807a9db280f4df7001118
SHA256

a863231d2d7cba3242a94226ec537db57782500f138df3a0350d4535f60fff91
SHA512

3ef282f55cb51d5ea2f6c52a46e848c142f837f66732485516a3e5a4c718f2e81eff8a795f0ee7c94f912832c022aee2f8677e01a6f94138ef71db7eb7282b7b
SSDEEP

6144:5xkLbyBxZoEaBC4T79whh6K9W9FsWauuded89kTt:5unyBPJsCieIK9W9FsWvac

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

a863231d2d7cba3242a94226ec537db57782500f138df3a0350d4535f60fff91.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
341D2FD1638BB267A80C7445E1909B57
type
loader

Targets

- Target
  
  a863231d2d7cba3242a94226ec537db57782500f138df3a0350d4535f60fff91
- Size
  
  382KB
- MD5
  
  db2311cbdef88741b0ca3b6d27ea3802
- SHA1
  
  05f9e8aa6706326059f807a9db280f4df7001118
- SHA256
  
  a863231d2d7cba3242a94226ec537db57782500f138df3a0350d4535f60fff91
- SHA512
  
  3ef282f55cb51d5ea2f6c52a46e848c142f837f66732485516a3e5a4c718f2e81eff8a795f0ee7c94f912832c022aee2f8677e01a6f94138ef71db7eb7282b7b
- SSDEEP
  
  6144:5xkLbyBxZoEaBC4T79whh6K9W9FsWauuded89kTt:5unyBPJsCieIK9W9FsWvac
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy